Description
Cross-site scripting (XSS) vulnerability in the self_link function in in the RSS Feed Generator (wp-includes/feed.php) for WordPress before 2.6.5 allows remote attackers to inject arbitrary web script or HTML via the Host header (HTTP_HOST variable).
Remediation
References
Related Vulnerabilities
WordPress 3.9.x Cross-Site Request Forgery (3.9 - 3.9.26)
Oracle JRE CVE-2012-5088 Vulnerability (CVE-2012-5088)
ZenCart Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-4403)
WordPress Plugin iPages Flipbook For WordPress Cross-Site Scripting (1.4.2)
WordPress Plugin Debug Bar Multiple Unspecified Vulnerabilities (0.8.4)